- Conduct thorough investigation of security events generated by our detection mechanisms such as SIEM, IDS/IPS, and AV.
- Experienced in customizing Splunk for Monitoring, Application Management, and Security as per customer requirements and industry best practice.
- Performed field extractions using Rex and Regex in configuration files and on search heads.
- Monitor and analyze Intrusion Detection Systems (IDS) to identify security issues for remediation.
- Configure, maintain, and design network security solutions including firewalls (CheckPoint and Cisco ASA), IDS/IPS (CheckPoint and SourceFire), VPN, ACLs, Web Proxy, etc.
- Perform periodic and on-demand system audits and vulnerability assessments, including user accounts, application access, file system and external Web integrity scans to determine compliance.
- Ensured data security, integrity, and policy control using data masking for PII and data encryption using tools like DgSecure.
- Identify emerging threat tactics, techniques, and procedures used by malicious cyber actors and publish actionable threat intelligence for business and technology management.
- Experience with tools like VeraCrypt, BitLocker, FileVault 2, and DiskCryptor to encrypt data at rest in Linux and Windows environments.
- Excellent knowledge of TCP/IP networking, internetworking technologies (routing/switching, proxy, firewall, load balancing, etc.), and other networking protocols like SSL, SNMP, FTP, SFTP, ICMP, UDP, HTTP, HTTPS, and ARP.
- Experience working with security monitoring tools like nmap, Zenmap, Wireshark, OpManager, Microsoft Message Analyzer, and other online resources.
- Good experience implementing IPS/IDS (Snort and AID) in Linux and UNIX environments using VMware and vSphere.
- Good knowledge and experience with reading TCP/memory/file dumps, log files, analyzing packet captures, scanning networks using the nmap tool and its flag options, UNIX file permissions/file architecture, load balancing, and cloud zone security (AWS and Azure).
- Integration of Splunk with a wide variety of legacy and security data sources that use various protocols.
- Conducted password testing and network sniffing using "Cain and Abel" and tcpdump respectively to find and mitigate weak passwords in the internal network and to administer the TCP/IP packets received by the network. Used other network packet capturing/sniffing and port scanning tools as required.
- Worked on Unix servers' security log monitoring and security audits to write reports (on a weekly basis) for further investigation and to help modify/implement/improve security policies.
- Streamlined Splunk to build, configure, and maintain heterogeneous environments; in-depth knowledge of analyzing logs generated by various systems, including security products (SIEM functionality).
- Advanced knowledge of internetworking, the OSI model, TCP/IP, network architecture, system security, and firewall infrastructure.
- Developed Splunk objects and reports for analyzing security baseline violations, non-authenticated connections, brute force attacks, and many other use cases.
- Experience in implementing DNS and DHCP protocols.
- Experience with different network management tools and sniffers like Wireshark, Nmap, SolarWinds, CiscoWorks, NetScout, and HP OpenView.
- Developed specific content necessary to implement security use cases and transformed it into correlation queries, templates, reports, rules, alerts, dashboards, and workflows.
- Splunk administration and analytics development for information security, infrastructure and network, data security, the Splunk Enterprise Security app, event triage, and incident analysis. Passionate about machine data and operational intelligence.
- Perform implementation of security and compliance-based use cases. Perform maintenance and optimization of existing Splunk deployments.
- Worked with the Security Engineering team to refine and improve dashboards/alerts/reports in all security platforms as IR processes matured.
- Good understanding of and experience working on Linux and UNIX operating systems to implement security measures using available toolkits.
- Expertise in writing Splunk searches (SPL) and dashboarding/visualization; Splunk infrastructure and development expert; set up dashboards for monitoring logs from network devices.
- Experience and/or involvement in every facet of the enterprise incident response cycle: preparation, detection and analysis, containment and recovery, and post-incident analysis.